Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Domain and Remote Desktop Policies

Status
Not open for further replies.

Pronet

IS-IT--Management
Oct 7, 2002
19
US
I have users who log into the Server as DomainUsers, these same users log into the same Server occasionaly as Remote Desktop users. I have the users in an OU called Remote Desktop users with a group policy in effect on the OU. My problem is that I do not want the Remote Desktop policy to affect the Users when they are logged in as DomainUsers. I do not want the Remote Desktop users to do automatic updates and have a shutdown button in their start menu. I know how to turn this off, but it affects their PC's when they login as DomainUsers. Help!!
 
Do you mean the they login to the PC's as domain users and login to the server as remotedesktop users? Or do you mean a user has two different logins? I don't understand exactly.

My local server policy and my domain controller policy which is on the container servers, don't allow anyone who isn't an administrator to shutdown. But the users can shutdown there machines becuase the policy only applies to the servers.

 
They have one user account and they login to the same server as domainusers and with remote desktop.
 
I don't believe I'm following this thread.

Are you saying they log into their machines with their username and remote to the server using the username "domianusers"?

Are you wanting a way for a normal user to remote into the server and not have the option of rebooting or shutting down the server? If that's the case, then this can be achieved by using GPMC and creating a GP under the OU that contains the computer or computers that you want to protect. Edit that OU and drill to the Computer Config-Windows Settings-Local Policies/User Rights Assignment and modify the "Shut down the system" section. Place the users you want to have permission to shutdown the computer.

Close out the windows, click on the new policy to highlight, click on the delegation tab. Add each computer that you would like this GPO to effect. If you don't add the user workstations, this GPO will not effect those settings.

The effect should be users can shut down their machines but cannot remote into a server and shut down the server. I have this set on one of my servers but my settings differ a little depending on how your AD is setup.

Hope this helps.

Justin



 
I have downloaded the GPMC utility and it has cleared up all the problems that I was having. Seems that the Authenicated Users Members group was causing all the problems. Thanks for the help.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top